Format object with key value

arnaud_beun · June 6, 2018, 6:52am

Hi,

I am exporting AWS WAF samples to or elasticsearch and JSON WAF return look like this :

{
"@timestamp":"2018-06-01T05:05:48.792Z",
"Headers":[
{
"Value":"xxx",
"Name":"Host"
},
{
"Value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
"Name":"User-Agent"
}
],
"@version":"1",
"Country":"TW",
"Method":"HEAD",
"HTTPVersion":"HTTP/1.1",
"type":"xxx",
"ClientIP":"xxx",
"URI":"/"
}

I am using json codec to parse it and everything is fine except the Headers part.

"Headers":[
{
"Name":"Host",
"Value":"54.246.206.67"
},
{
"Name":"User-Agent",
"Value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
}
],

The Headers key has an object into it and this object can contain multilpe values.

I would like to get all Headers objects and format them like this :

"Headers"."Host":"54.246.206.67",
"Headers"."User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",

Is someone here can help me with this ?

Badger · June 6, 2018, 2:13pm

There is an example of something similar here.

arnaud_beun · June 6, 2018, 2:49pm

Hello Badger,

Thank you so much for your help, it is working well for me.

system · July 4, 2018, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AWS WAF Log Processing header - nested JSON array Elasticsearch	0	66	May 8, 2024
Logstash: parsing AWS WAF log Logstash	5	3406	September 17, 2019
Logstash: parsing fields from json in array of another json Logstash	3	1255	October 24, 2018
How would I mutate a header hash object that has headers that change from request to request? Logstash	2	421	May 5, 2018
Transforming/filtering json logs Logstash	1	241	March 22, 2020

Format object with key value

Related topics